authorWerner Koch <wk@gnupg.org>2021-09-13 16:45:15 +0200
committerWerner Koch <wk@gnupg.org>2021-09-13 16:50:11 +0200
commit69e2e498f6a14cfa731cb5718bdb64f440f1c829 (patch)
tree9f8d8f058a2131f19f8ddaa03a89611ccb8fd26c
parent709a41ef540e6daf2b384a565c6a7f7b79c9c36d (diff)
downloadlibgcrypt-69e2e498f6a14cfa731cb5718bdb64f440f1c829.tar.gz
cipher: Clear AESWRAP scratch area immediately after use
* cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_decrypt): Call wipememory. -- Note that gcry_cipher_close will do this also but some applications keep the context for a long time and thus plaintext could be found in memory during the time the context is open. GnuPG-bug-id: 5597
-rw-r--r--cipher/cipher-aeswrap.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/cipher/cipher-aeswrap.c b/cipher/cipher-aeswrap.c
index a8d0e03e..46c30c87 100644
--- a/cipher/cipher-aeswrap.c
+++ b/cipher/cipher-aeswrap.c
@@ -187,6 +187,7 @@ _gcry_cipher_aeswrap_decrypt (gcry_cipher_hd_t c,
memcpy (r+(i-1)*8, b+8, 8);
}
}
+ wipememory (b, 16); /* Clear scratch area. */
/* If an IV has been set we compare against this Alternative Initial
Value; if it has not been set we compare against the standard IV. */
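Review bot: The comment on the added `wipememory (b, 16);` says what the line does but not why it is needed when closing the handle wipes the context anyway, so a later cleanup could drop it as redundant; I would write `/* Wipe now: a long-lived context would keep plaintext here until close. */`. Its position after the unwrap loop and before the IV comparison looks right, since it then appears to run whether or not the check below succeeds. The hunk also shows `r` being filled by `memcpy (r+(i-1)*8, b+8, 8)` before that comparison; if `r` is the caller's output buffer (not visible here), it presumably still holds the unverified data on a mismatch and is worth clearing on that error path too. The function starts and ends outside the hunk, so earlier return paths were not checked.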